E-Mail Classification for Phishing Defense

Gansterer, Wilfried N.; Polz, David

doi:10.1007/978-3-642-00958-7_40

Cited by 52 publications

(39 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The performance metric that is compared is the F-measure (for binary classification) and accuracy (for 3-class classification). On the 3-class classification (see Table 10), the comparison of phishGILLNET2 with the study of Gansterer and Pölz [15] on the accuracy metric shows that phishGILL-NET2 resulted in a better performance (97.7%) compared with the best result obtained by Gansterer and Pölz [15]. Thus, topic features using AdaBoost are robust for 3-class classification.…”

Section: Performance Comparisonmentioning

confidence: 87%

See 1 more Smart Citation

phishGILLNET—phishing detection methodology using probabilistic latent semantic analysis, AdaBoost, and co-training

Ramanathan

Wechsler

2012

EURASIP J. on Info. Security

View full text Add to dashboard Cite

Identity theft is one of the most profitable crimes committed by felons. In the cyber space, this is commonly achieved using phishing. We propose here robust server side methodology to detect phishing attacks, called phishGILLNET, which incorporates the power of natural language processing and machine learning techniques. phishGILLNET is a multi-layered approach to detect phishing attacks. The first layer (phishGILLNET1) employs Probabilistic Latent Semantic Analysis (PLSA) to build a topic model. The topic model handles synonym (multiple words with similar meaning), polysemy (words with multiple meanings), and other linguistic variations found in phishing. Intentional misspelled words found in phishing are handled using Levenshtein editing and Google APIs for correction. Based on term document frequency matrix as input PLSA finds phishing and non-phishing topics using tempered expectation maximization. The performance of phishGILLNET1 is evaluated using PLSA fold in technique and the classification is achieved using Fisher similarity. The second layer of phishGILLNET (phishGILLNET2) employs AdaBoost to build a robust classifier. Using probability distributions of the best PLSA topics as features the classifier is built using AdaBoost. The third layer (phishGILLNET3) further expands phishGILLNET2 by building a classifier from labeled and unlabeled examples by employing Co-Training. Experiments were conducted using one of the largest public corpus of email data containing 400,000 emails. Results show that phishGILLNET3 outperforms state of the art phishing detection methods and achieves F-measure of 100%. Moreover, phishGILLNET3 requires only a small percentage (10%) of data be annotated thus saving significant time, labor, and avoiding errors incurred in human annotation.

show abstract

Section: Performance Comparisonmentioning

confidence: 87%

“…phishGILLNET2 supports both 3-class (phish, spam, good) and binary (phish, not-phish) classification. The only method that performs 3-class classification is that of Gansterer and Pölz [15]. All the others perform binary classification.…”

Section: Performance Comparisonmentioning

confidence: 99%

phishGILLNET—phishing detection methodology using probabilistic latent semantic analysis, AdaBoost, and co-training

Ramanathan

Wechsler

2012

EURASIP J. on Info. Security

View full text Add to dashboard Cite

show abstract

“…5) URL_symbol : This numerical data represent the occurrence of links in emails that present symbol. This has been used in [18] but we incorporate other symbol such as "%" and "&"to detect obfuscation url.…”

Section: ) Subject_blacklist_wordsmentioning

confidence: 99%

Using Feature Selection and Classification Scheme for Automating Phishing Email Detection

Hamid¹,

Abawajy²,

KIM³

2013

SIC

View full text Add to dashboard Cite

Email has become the critical communication medium for most organizations. Unfortunately, email-born attacks in computer networks are causing considerable economic losses worldwide. Exiting phishing email blocking appliances have little effect in weeding out the vast majority of phishing emails. At the same time, online criminals are becoming more dangerous and sophisticated. Phishing emails are more active than ever before and putting the average computer user and organizations at risk of significant data, brand and financial loss. In this paper, we propose a hybrid feature selection approach based on combination of content-based and behaviour-based. The approach could mine the attacker behaviour based on email header. On a publicly available test corpus, our hybrid features selection is able to achieve 94% accuracy rate.

show abstract

“…Despite of the high classification rate, this technique needs 10 features, anti-Spam tool and querying external sources (the WHOIS service) to discover the "age of a domain" of the e-mail sender or some URL in the e-mail body. Gansterer and PÖlz [6] introduced a ternary classification approach for distinguishing three groups of e-mail messages in an incoming stream (ham, spam, and phishing). The classification is based on a partly new designed set of features to be extracted from each incoming message.…”

Section: Related Workmentioning

confidence: 99%

Detection of Phishing Emails using Feed Forward Neural Network

Jameel¹,

George²

2013

IJCA

View full text Add to dashboard Cite

Phishing emails are messages designed to fool the recipient into handing over personal information, such as login names, passwords, credit card numbers, account credentials, social security numbers etc. Fraudulent emails harm their victims through loss of funds and identity theft. They also hurt Internet business, because people lose their trust in Internet transactions for fear that they will become victims of fraud. This paper deals with the phishing detection problem and how to detect phishing emails. The proposed phishing detection model is based on the extracted email features to detect phishing emails, these features appeared in the header and HTML body of email using feed forward neural network to classify the tested email into phish or ham email. The results of the conducted tests indicated good identification rate (98.72%) with short required processing time (0.00067 msec.).

show abstract

E-Mail Classification for Phishing Defense

Cited by 52 publications

References 9 publications

phishGILLNET—phishing detection methodology using probabilistic latent semantic analysis, AdaBoost, and co-training

phishGILLNET—phishing detection methodology using probabilistic latent semantic analysis, AdaBoost, and co-training

Using Feature Selection and Classification Scheme for Automating Phishing Email Detection

Detection of Phishing Emails using Feed Forward Neural Network

Contact Info

Product

Resources

About